Recently I’ve noticed that a longstanding trend in security attestation is taking on a new twist. For some time, CPA firms, qualified security assessors (QSAs) and similar entities that focus on security attestation have been including penetration testing as part of...

Hackers are relentless in their targeted attacks on application-level security vulnerabilities. The way to mitigate these risks is to write more secure code. Cybercrime risk isn’t the only reason to focus on software security. It’s mandated as part of many information...

At first blush, providing credentials to a tiger team conducting penetration tests sounds like giving the fox a key to the chicken coop. However, there are many cases where it can provide significant value. For example, you want to assess whether an authenticated...